ssh into home network

I am trying to ssh from my computer at work into my home PC. My work computer is running Mac OS X 10.6.3, home PC is running Ubuntu.

At home I have multiple PCs hooked up through a router and modem. I have gone into the router settings and set up port forwarding to forward ports 22 and 175 to my Linux PC. (22 is the standard ssh port, I set 175 as well for testing).

I then got the external IP of my home network (Which I believe is pointing to the router?), 66.***.***.***.
Trying to run ssh from my work computer I get

ssh 66.***.***.*** -p 22 
ssh: connect to host 66.***.***.*** port 22: Operation timed out

ssh 66.***.***.*** -p 175
ssh: connect to host 66.***.***.*** port 175: Connection refused

I also tried telnet

telnet 66.***.***.*** 175
Trying 66.***.***.***...
telnet: connect to address 66.***.***.***: Connection refused
telnet: Unable to connect to remote host

telnet 66.***.***.***
Trying 66.***.***.***...
telnet: connect to address 66.***.***.**: Connection timed out
telnet: Unable to connect to remote host

telnet 66.***.***.*** 22
Trying 66.***.***.***...
telnet: connect to address 66.***.***.**: Connection timed out
telnet: Unable to connect to remote host

All of these commands going to any port other than 175 have a 30-60 second delay before saying connection timed out. The connection refused message on port 175 comes immediately after typing the command.

ping does work, gives results like

ping 66.***.***.***
PING 66.***.***.*** (66.***.***.***): 56 data bytes
64 bytes from 66.***.***.***: icmp_seq=0 ttl=116 time=23.313 ms
64 bytes from 66.***.***.***: icmp_seq=1 ttl=116 time=23.737 ms
64 bytes from 66.***.***.***: icmp_seq=2 ttl=116 time=23.214 ms
64 bytes from 66.***.***.***: icmp_seq=3 ttl=116 time=23.381 ms

Can anybody help? I am not sure what is going wrong.

Do you have a router? If so you need to open your ports in your router's firewall.

I did set up port forwarding on my router to send ports 175 and 22 to the ubuntu machine.

Also, I found out that sshd was not listening to port 175, so I fixed that. However, now I get the operation timed out error on both ports 22 and 175, so I am inclined to believe that I am getting through the router but not getting into the machine, otherwise changing settings on the ubuntu machine shouldn't change the error.

However, ssh to the ubuntu machine from others on my home network works so it's only getting in from outside that is a problem.

Is there a firewall in ubuntu that is by default on that I would have to change settings on to make this work?
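
The two errors seen above, an immediate "Connection refused" and a delayed timeout, indicate different failure points, and a short script can report which one each port gives. This is an added example, not part of the original posts; the script name `probe.py`, the function names and the hint wording are this example's own.

```python
import socket
import sys

# What each outcome means for a port forwarded through a NAT router.
# The hint wording is this example's own summary, not text from the thread.
HINTS = {
    "open": "TCP handshake completed: the forward and the listener both work",
    "refused": "a TCP reset came back: packets reach a host (or a rejecting "
               "firewall), but nothing accepts connections on that port",
    "filtered": "no reply before the timeout: packets are being dropped by a "
                "firewall or router, or the forward points at nothing",
    "error": "other failure (no route, name lookup, ...); see the OS message",
}


def classify(exc):
    """Map the exception raised by a failed connect() to an outcome name."""
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    return "error"


def probe(host, port, timeout=5.0):
    """Attempt one TCP connection and return the outcome name."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Usage: python3 probe.py HOST [PORT ...]   (defaults to port 22)
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py HOST [PORT ...]")
    for port in [int(p) for p in sys.argv[2:]] or [22]:
        outcome = probe(sys.argv[1], port)
        print(f"{sys.argv[1]}:{port} {outcome}: {HINTS[outcome]}")
```

Run it once from inside the LAN against the machine's private address and once from outside against the external IP. A port that is open inside but filtered outside points at the router rather than at the host.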

Ubuntu has all the ports closed by default. It has iptables as a firewall.
To open ports you can use a GUI utility like Firestarter or you can use the command line utility ufw that is installed already. These are just front-end managers.

Here is an example of some configuration using ufw (uncomplicated firewall)

Another source

I think you have some problem with your router not Ubuntu.

Try these:

  1. Reboot your router.
  2. Just in case, under Ubuntu restart SSH:
sudo /etc/init.d/ssh restart
  3. Try connecting again.

By the way did you try to SSH to your work computer from your home Ubuntu?

Try SSH to your work computer and when in it try to SSH back to your home Ubuntu.

I think Ubuntu has firewall disabled by default, hasn't it?

If all of the ports were closed wouldn't it block an ssh connection from another computer on my home network? I mentioned before that sshing around within my home network works fine, it's just coming in from outside that does not. Or does iptables distinguish between local and global connections?

@daynews
I don't believe I can ssh in to my work computer from home. At work it's on a fairly large network and I have no access to the networking routers or anything to do port forwarding. If the problem is on that end I am probably out of luck.

I will try changing the rules on iptables when I can.

I was misinformed about Ubuntu having all ports closed in the desktop. The firewall is installed but by default accepts any connection. Regardless, you were able to connect inside your LAN. That rules out that it is a port issue at the target host.
Don't mess with iptables rules before you figure out your remote issue.

You said that you forwarded the proper ports in your router? Do you have only a router connected to your system, or is there any other device in the middle?

The router passes off to an ethernet switch and then to my computer. This may be the problem, but I had thought the switch's only functionality was to split the internet connection, not to perform firewall functionality like a router.

I found a setting called Demilitarized Zone on my router (D-Link DI-604). It is supposed to allow unrestricted internet access to the specified IP. Maybe this will help, I will check in the morning when I get into work.

Update: Port forwarding is definitely working. ssh to the external IP from inside my home network redirects back to the ubuntu machine. Hopefully this means it is working now... I suppose I will find out

Awesome, I have it working. Thank you to everybody for your help. I had missed a firewall exemption in my router settings.

@bluejayek

Glad you've solved your problem. I think most of the time users should perform these steps. It won't apply to you anymore but could help others who have the same problem

I think these are the steps you should take

1) Open the port 22 in your router. I assume you are behind the NAT. So on your router you must have some option to do NAT-ting. So put port 22 to listen to the IP address that has been assigned to your Ubuntu machine.

2) Make sure sshd is running on Ubuntu.
3) Flush iptables this way

/sbin/iptables -F
/sbin/iptables -X

4) Try to connect

If this all does not work try to disable selinux this way:

vi /etc/selinux/config and make sure it looks like

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#	enforcing - SELinux security policy is enforced.
#	permissive - SELinux prints warnings instead of enforcing.
#	disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#	targeted - Only targeted network daemons are protected.
#	strict - Full SELinux protection.
SELINUXTYPE=targeted

Regards,

_val_

What about VNC? I don't really know if it works for Ubuntu or Mac but you can probe that.